Vulnerability Note VU#297363
PHP contains vulnerability in "php_mime_split" function allowing arbitrary code execution
Overview
Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server.
Description
PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium, Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the php_mime_split function may allow an intruder to execute arbitrary code with the privileges of the web server. For additional details, see Web servers that do not have PHP installed are not affected by this vulnerability. |
Impact
Intruders can execute arbitrary code with the privileges of the web server, or interrupt normal operations of the web server. |
Solution
Upgrade to PHP version 4.1.2, available from http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz. If upgrading is not possible, apply patches as described at http://www.php.net/downloads.php:
http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz For PHP 4.06 http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.0.6.gz For PHP 3.0 http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz If you are using version 4.20-dev, you are not affected by this vulnerability. Quoting from http://security.e-matters.de/advisories/012002.htm, "users running PHP 4.2.0-dev from cvs are not vulnerable to any of the described bugs because the fileupload code was completly rewritten for the 4.2.0 branch. " |
If upgrading is not possible or a patch cannot be applied, you can avoid these vulnerabilities by setting file_uploads = Off in the php.ini file for version 4.0.3 and above. This will prevent you from using fileuploads, which may not be acceptable for your operation. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apache Software Foundation | Affected | - | 27 Feb 2002 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://security.e-matters.de/advisories/012002.html
- http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz
- http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.0.6.gz
- http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz
Credit
Our thanks to Stefan Esser, upon whose advisory this document is based.
This document was written by Shawn V. Hernan.
Other Information
- CVE IDs: Unknown
- Date Public: 27 Feb 2002
- Date First Published: 27 Feb 2002
- Date Last Updated: 27 Feb 2002
- Severity Metric: 55.08
- Document Revision: 7
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.